Actions
Bug #1929
closedAll files created with world-writable permissions
Description
The proxy daemon runs with a umask of 0:
(gdb) call umask(0) $1 = 0
The files and directories it creates all have world-writable bits set, which is dangerous:
-rw-rw-rw-. 1 foreman-proxy foreman-proxy 104 Nov 7 14:51 /var/log/foreman-proxy/access.log drwxrwxrwx. 2 foreman-proxy foreman-proxy 4096 Oct 28 22:07 /var/lib/tftpboot/boot -rw-rw-rw-. 1 foreman-proxy foreman-proxy 24337760 May 22 20:55 /var/lib/tftpboot/boot/Fedora-17-x86_64-initrd.img -rw-rw-rw-. 1 foreman-proxy foreman-proxy 4662160 May 7 2012 /var/lib/tftpboot/boot/Fedora-17-x86_64-vmlinuz drwxrwxrwx. 2 foreman-proxy foreman-proxy 4096 Oct 28 22:34 /var/lib/tftpboot/pxelinux.cfg -rw-rw-rw-. 1 foreman-proxy foreman-proxy 161 Oct 28 21:19 /var/lib/tftpboot/pxelinux.cfg/default
Actions